From 22cd7766cdbd9e726037f4e95f86f9abaa62787c Mon Sep 17 00:00:00 2001 From: juewuy Date: Wed, 7 Jan 2026 11:11:17 +0800 Subject: [PATCH] =?UTF-8?q?~=E5=A2=9E=E5=8A=A0=E5=8D=95=E7=8B=AC=E6=8C=87?= =?UTF-8?q?=E5=AE=9Adns=E5=8A=AB=E6=8C=81=E7=AB=AF=E5=8F=A3=E7=9A=84?= =?UTF-8?q?=E5=8A=9F=E8=83=BD(=E7=94=A8=E4=BA=8E=E6=90=AD=E9=85=8D?= =?UTF-8?q?=E7=AC=AC=E4=B8=89=E6=96=B9DNS=E6=9C=8D=E5=8A=A1)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- scripts/libs/get_config.sh | 3 ++- scripts/menu.sh | 5 ++--- scripts/starts/fw_iptables.sh | 14 +++++++------- scripts/starts/fw_nftables.sh | 6 +++--- 4 files changed, 14 insertions(+), 14 deletions(-) diff --git a/scripts/libs/get_config.sh b/scripts/libs/get_config.sh index e883e864..333c85ac 100644 --- a/scripts/libs/get_config.sh +++ b/scripts/libs/get_config.sh @@ -6,7 +6,8 @@ [ -z "$tproxy_port" ] && tproxy_port=7893 [ -z "$db_port" ] && db_port=9999 [ -z "$dns_port" ] && dns_port=1053 -[ -z "$fwmark" ] && fwmark=$redir_port +[ -z "$dns_redir_port" ] && dns_redir_port="$dns_port" +[ -z "$fwmark" ] && fwmark="$redir_port" routing_mark=$((fwmark + 2)) [ -z "$table" ] && table=100 diff --git a/scripts/menu.sh b/scripts/menu.sh index 5bd28591..86dac1e0 100644 --- a/scripts/menu.sh +++ b/scripts/menu.sh @@ -38,16 +38,15 @@ checkport() { #检查端口冲突 echo -e "\033[0m-----------------------------------------------" echo -e "\033[36m请修改默认端口配置!\033[0m" . "$CRASHDIR"/menus/2_settings.sh && set_adv_config - . "$CFG_PATH" >/dev/null + . "$CRASHDIR"/libs/get_config.sh checkport fi done } ckstatus() { #脚本启动前检查 - #检查/读取脚本配置文件 + #检查脚本配置文件 if [ -f "$CFG_PATH" ]; then [ -n "$(awk 'a[$0]++' $CFG_PATH)" ] && awk '!a[$0]++' "$CFG_PATH" >"$CFG_PATH" #检查重复行并去除 - . "$CFG_PATH" 2>/dev/null else . "$CRASHDIR"/init.sh >/dev/null 2>&1 fi diff --git a/scripts/starts/fw_iptables.sh b/scripts/starts/fw_iptables.sh index 4c5df9d3..5e0b4681 100644 --- a/scripts/starts/fw_iptables.sh 
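Review bot: The new `[ -z "$dns_redir_port" ] && dns_redir_port="$dns_port"` line in scripts/libs/get_config.sh only fills the value when it is empty, so in a shell that has already sourced this file a later change to `dns_port` is not followed by `dns_redir_port`. The same applies to `fwmark` and `redir_port` on the next line. The menu.sh hunk of this patch re-sources this file inside `checkport` right after `set_adv_config`, which is that situation if the config file itself does not set `dns_redir_port`; the top of get_config.sh is outside the hunk, so this should be confirmed. If the redirect port is meant to track `dns_port` unless the user set it explicitly, record that explicitly, or at least add a comment such as `# dns_redir_port follows dns_port only while unset; clear it before re-sourcing after a port change`.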
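Review bot: The duplicate-line cleanup that this hunk leaves in `ckstatus`, `awk '!a[$0]++' "$CFG_PATH" >"$CFG_PATH"`, truncates the config file before awk reads it, because the shell opens the redirection target first. Whenever a duplicate line is detected the whole configuration is emptied and every setting, including the firewall and DNS options touched by this patch, silently falls back to defaults. Write to a temporary file and rename it instead, `awk '!a[$0]++' "$CFG_PATH" >"$CFG_PATH.tmp" && mv "$CFG_PATH.tmp" "$CFG_PATH"`, and quote `$CFG_PATH` in the first awk call as well. With `. "$CFG_PATH"` removed from this function, it is also worth a comment stating where the configuration is now loaded before `ckstatus` runs, since that is not visible in the hunk.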
+++ b/scripts/starts/fw_iptables.sh @@ -108,18 +108,18 @@ start_ipt_dns() { #iptables-dns通用工具 if [ "$2" = 'PREROUTING' ] && [ "$3" != 'shellcrash_vm_dns' ] && [ "$macfilter_type" = "白名单" ] && [ -n "$(cat $CRASHDIR/configs/mac $CRASHDIR/configs/ip_filter 2>/dev/null)" ]; then [ -s "$CRASHDIR"/configs/mac ] && for mac in $(cat "$CRASHDIR"/configs/mac); do - "$1" $w -t nat -A "$3" -p tcp -m mac --mac-source $mac -j REDIRECT --to-ports $dns_port - "$1" $w -t nat -A "$3" -p udp -m mac --mac-source $mac -j REDIRECT --to-ports $dns_port + "$1" $w -t nat -A "$3" -p tcp -m mac --mac-source $mac -j REDIRECT --to-ports "$dns_redir_port" + "$1" $w -t nat -A "$3" -p udp -m mac --mac-source $mac -j REDIRECT --to-ports "$dns_redir_port" done [ -s "$CRASHDIR"/configs/ip_filter ] && [ "$1" = 'iptables' ] && for ip in $(cat "$CRASHDIR"/configs/ip_filter); do - "$1" $w -t nat -A "$3" -p tcp -s $ip -j REDIRECT --to-ports $dns_port - "$1" $w -t nat -A "$3" -p udp -s $ip -j REDIRECT --to-ports $dns_port + "$1" $w -t nat -A "$3" -p tcp -s $ip -j REDIRECT --to-ports "$dns_redir_port" + "$1" $w -t nat -A "$3" -p udp -s $ip -j REDIRECT --to-ports "$dns_redir_port" done else for ip in $HOST_IP; do #仅限指定网段流量 - "$1" $w -t nat -A "$3" -p tcp -s $ip -j REDIRECT --to-ports $dns_port - "$1" $w -t nat -A "$3" -p udp -s $ip -j REDIRECT --to-ports $dns_port + "$1" $w -t nat -A "$3" -p tcp -s $ip -j REDIRECT --to-ports "$dns_redir_port" + "$1" $w -t nat -A "$3" -p udp -s $ip -j REDIRECT --to-ports "$dns_redir_port" done fi [ "$1" = 'ip6tables' ] && { #屏蔽外部请求 @@ -258,7 +258,7 @@ start_iptables() { #iptables配置总入口 start_ipt_route iptables nat PREROUTING shellcrash_vm tcp #ipv4-局域网tcp转发 } #启动DNS劫持 - [ "$dns_no" != "已禁用" -a "$dns_redir" != "ON" -a "$firewall_area" -le 3 ] && { + [ "$firewall_area" -le 3 ] && { [ "$lan_proxy" = true ] && { start_ipt_dns iptables PREROUTING shellcrash_dns #ipv4-局域网dns转发 if $ip6table -j REDIRECT -h 2>/dev/null | grep -q '\--to-ports'; then 
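Review bot: `dns_redir_port` reaches `--to-ports` in `start_ipt_dns` without any check that it is a port number, and the hunk shows no handling of a failed rule add. With a non-numeric or out-of-range value every REDIRECT rule here would be rejected, leaving client DNS outside the intended resolver path with no visible error. The same value is used unchecked in `start_nft_dns` in fw_nftables.sh. A guard where the default is assigned would cover both back ends, for example `case "$dns_redir_port" in ''|*[!0-9]*) dns_redir_port="$dns_port" ;; esac`, ideally followed by a 1–65535 range test. The new quoting of `"$dns_redir_port"` is good; `$mac`, `$ip` and `$w` on the same lines are still unquoted.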
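Review bot: Removing `"$dns_no" != "已禁用"` and `"$dns_redir" != "ON"` from the guard in `start_iptables` means the port-53 redirection is installed whenever `firewall_area` is 3 or less. A configuration that previously opted out of DNS hijacking would have its DNS traffic redirected after upgrading, unless those settings are migrated in code this patch does not show. The same guard change is made in `start_nftables` in fw_nftables.sh. If the opt-out is meant to remain, keep that test, e.g. `[ "$dns_no" != "已禁用" ] && [ "$firewall_area" -le 3 ] && {`; if it is being retired, say so in a comment here and in the upgrade notes. The body of `start_iptables` continues outside the hunk.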
diff --git a/scripts/starts/fw_nftables.sh b/scripts/starts/fw_nftables.sh index 8e251c5b..53a9bf53 100644 --- a/scripts/starts/fw_nftables.sh +++ b/scripts/starts/fw_nftables.sh @@ -129,8 +129,8 @@ start_nft_dns() { #nftables-dns nft add rule inet shellcrash "$1"_dns ether saddr != {$MAC} return fi } - nft add rule inet shellcrash "$1"_dns udp dport 53 redirect to ${dns_port} - nft add rule inet shellcrash "$1"_dns tcp dport 53 redirect to ${dns_port} + nft add rule inet shellcrash "$1"_dns udp dport 53 redirect to "$dns_redir_port" + nft add rule inet shellcrash "$1"_dns tcp dport 53 redirect to "$dns_redir_port" } start_nft_wan() { #nftables公网防火墙 HOST_IP=$(echo $host_ipv4 | sed 's/ /, /g') @@ -163,7 +163,7 @@ start_nftables() { #nftables配置总入口 #公网访问防火墙 [ "$fw_wan" != OFF ] && [ "$systype" != 'container' ] && start_nft_wan #启动DNS劫持 - [ "$dns_no" != "已禁用" -a "$dns_redir" != "ON" -a "$firewall_area" -le 3 ] && { + [ "$firewall_area" -le 3 ] && { [ "$lan_proxy" = true ] && start_nft_dns prerouting prerouting #局域网dns转发 [ "$local_proxy" = true ] && start_nft_dns output output #本机dns转发 }